K8S: Cleaning up a cert-manager installation

Maybe you want to change the installation method (kubectl, helm2, helm3, etc.) of cert-manager.

Maybe you just want to get rid of it and use something else.

In any case, cleaning up a cert-manager installation can get tricky, especially if you have running certificate requests.

There are multiple guides on this, and ChatGPT/Copilot can help you as well. The problem comes when you are stuck with challenges that cannot be deleted, and cannot be edited because of a deadlock.

The challenge is trying to call the cert-manager webhook, but the cert-manager webhook is already deleted. And so the challenge lives forever. Unless…

This gave me the idea, although it’s not complete. A very helpful command at the end of the page claims to clean up pending challenges:

kubectl delete mutatingwebhookconfigurations cert-manager-webhook
kubectl edit challenge <the-challenge>

and, while editing the challenge resource, change the .metadata.finalizers field to an empty list ([]).

What is missing from this (and any) guide is that you must delete another webhook as well:

kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io cert-manager-webhook

And then you can clean up any challenges and any traces of cert-manager (most likely to install another version of it).
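
The same cleanup as a non-interactive script, added here as an example and not taken from the original post or the cert-manager documentation: it deletes both webhook configurations, then clears .metadata.finalizers on every remaining challenge with kubectl patch instead of kubectl edit. The KUBECTL override, the function names and the --apply switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# KUBECTL is an assumed override so the script can be pointed at a wrapper
# (or a recording stub) instead of the real binary.
KUBECTL="${KUBECTL:-kubectl}"

# Remove BOTH admission webhook configurations. While either one still
# points at the deleted webhook service, updates to challenges are rejected.
delete_webhooks() {
    for kind in mutatingwebhookconfigurations validatingwebhookconfigurations; do
        $KUBECTL delete "$kind" cert-manager-webhook --ignore-not-found || return 1
    done
}

# Print one "namespace name" pair per line for every challenge in the cluster.
list_challenges() {
    $KUBECTL get challenges --all-namespaces \
        -o jsonpath='{range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{"\n"}{end}'
}

# Set .metadata.finalizers to [] on one challenge (the scripted form of
# "kubectl edit challenge"), then delete it if it is not already gone.
release_challenge() {
    $KUBECTL -n "$1" patch challenges "$2" --type=merge \
        -p '{"metadata":{"finalizers":[]}}' &&
    $KUBECTL -n "$1" delete challenges "$2" --ignore-not-found
}

# Full procedure: webhooks first, then every stuck challenge.
cleanup() {
    delete_webhooks || return 1
    list_challenges | while read -r ns name; do
        [ -n "$name" ] || continue
        release_challenge "$ns" "$name" || echo "failed: $ns/$name" >&2
    done
}

# Nothing touches the cluster unless the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    cleanup
fi
```

Check the current context with kubectl config current-context before running it with --apply, since it acts on challenges in all namespaces.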
